Yikes I Have Been Hacked


I had just opened up my network to outside requests ,thinking this will only take a few minutes.  The idea was to  attack my home network from the outside, blasting it  with endless loops of rapid queries from external servers in cyber space, thus simulating a DDOS attack  .    It turns out I was not alone in attacking my Network .

When I went to my monitor DDOS monitor screen to see my attack, I saw  the chart below.   All those Source Ports showing  22 are the result of a server on my network , randomly attempting to login to computers outside my network .  How ironic , while testing my own DDOS software from an outside attack , I find out that one of my servers has been hijacked to do the dirty work for some other hacker.  I am only showing about 46 attempts  in the table below, but all in all ,there were about 450 of them.  They  appeared all of a sudden out of nowhere.  And then, Comcast shut me down, when I hit their security circuit breaker.  Or so I surmised, because this is not the first time this has happened to me, and I usually get  a call from Comcast telling me to run my virus software.  You know how you are not supposed to talk to strangers ? Well I had been getting these calls out of the blue from somebody claiming to be “Comcast” security , and the sounds in the background during the scratchy call were like one of those Indian boiler plate call centers … so I had been ignoring them, just humoring these people.  But perhaps they really were Comcast ? Or perhaps this was just the coup do grace from the hacker pretending to be Comcast after orchestrating the attack, in order to gain my trust and get my bank account ?  Like a bad Mission Impossible plot I don’t know who to trust anymore.
Index     SRCP    DSTP    Wavg    Avg       IP1           IP2           Ptcl  Port  Pool  TOS
0     46762      22   203   336    191.7.193.69   192.168.1.130  TCP   1   2    1
1     54211      22    29    90    85.25.211.119   192.168.1.130  TCP   1   2    1
2     52734      22    15     0    174.159.244.177   192.168.1.130  TCP   1   2    1
3        22   33388    42     0    192.168.1.130   93.97.181.70  TCP   2   2    1
4        22   49398   238   277    192.168.1.130   125.137.155.50  TCP   2   2    1
5     49184      22    66   152    192.81.170.254   192.168.1.130  TCP   1   2    1
6        22   49184   163   374    192.168.1.130   192.81.170.254  TCP   2   2    1
7     51722      22   142   214    217.92.189.104   192.168.1.130  TCP   1   2    1
8     38133      22    11     0    146.155.249.71   192.168.1.130  TCP   1   2    1
9     55232      22    93   400    178.49.172.175   192.168.1.130  TCP   1   2    1
10     50373      22    20    40    190.81.51.11   192.168.1.130  TCP   1   2    1
11        22   40073    21    35    192.168.1.130   31.45.215.117  TCP   2   2    1
12        22   39950    11    40    192.168.1.130   101.251.207.162  TCP   2   2    1
13        22   51889     9     0    192.168.1.130   169.236.135.241  TCP   2   2    1
14        22   53866   204  1036    192.168.1.130   95.211.215.206  TCP   2   2    1
15     57596      22    93   236    207.244.67.170   192.168.1.130  TCP   1   2    1
16        22   51971   188   384    192.168.1.130   66.242.228.2  TCP   2   2    1
17        22   53617   328   580    192.168.1.130   37.228.133.94  TCP   2   2    1
18     52574      22   206   338    177.21.237.77   192.168.1.130  TCP   1   2    1
19        22   56081    23    93    192.168.1.130   216.104.36.94  TCP   2   2    1
20        22   41126   213   771    192.168.1.130   176.31.199.232  TCP   2   2    1
21        22   33853   209   384    192.168.1.130   71.11.128.190  TCP   2   2    1
22        22   52185   282  2369    192.168.1.130   74.220.208.72  TCP   2   2    1
23        22   54224   224  1032    192.168.1.130   46.32.230.170  TCP   2   2    1
24        22   52065   710   806    192.168.1.130   49.212.12.217  TCP   2   2    1
25     43568      22    28    88    52.2.123.169   192.168.1.130  TCP   1   2    1
26        22   39032   200   558    192.168.1.130   199.34.242.73  TCP   2   2    1
27     53968      22   148   265    37.228.133.94   192.168.1.130  TCP   1   2    1
28     39950      22    17    60    101.251.207.162   192.168.1.130  TCP   1   2    1
29        22   44785   320   464    192.168.1.130   87.230.40.94  TCP   2   2    1
30     41889      22    13     0    70.4.134.198   192.168.1.130  TCP   1   2    1
31        22   35743   233   368    192.168.1.130   141.105.174.210  TCP   2   2    1
32        22   48689   298   373    192.168.1.130   12.11.100.194  TCP   2   2    1
33     36165      22   226   293    200.170.215.154   192.168.1.130  TCP   1   2    1
34     44991      22    53   146    191.5.224.79   192.168.1.130  TCP   1   2    1
35     38500      22   180   345    192.227.164.167   192.168.1.130  TCP   1   2    1
36     50944      22     8     0    199.174.12.17   192.168.1.130  TCP   1   2    1
37     39511      22   168   319    104.128.117.32   192.168.1.130  TCP   1   2    1
38     53820      22    16    30    95.84.153.61   192.168.1.130  TCP   1   2    1
39     47030      22   225   261    190.161.86.105   192.168.1.130  TCP   1   2    1
40        22   38500   367   735    192.168.1.130   192.227.164.167  TCP   2   2    1
41     33165      22   119   248    138.94.144.250   192.168.1.130  TCP   1   2    1
42     51185      22    18    60    46.105.163.187   192.168.1.130  TCP   1   2    1
43     48472      22    18    60    72.249.105.159   192.168.1.130  TCP   1   2    1
44     32890      22    89   174    95.177.200.94   192.168.1.130  TCP   1   2    1
45     57725      22    75   180    88.11.129.198   192.168.1.130  TCP   1   2    1
46        22   55358  1072  1373    192.168.1.130   138.91.57.190  TCP   2   2    1

NetEqualizer News: August 2015


August 2015

Greetings!

Enjoy another issue of NetEqualizer News! This month, we preview our 8.4 Winter Release plans, highlight several recent testimonials from K-12 schools, talk about a DDoS attack thwarted by NetEqualizer, announce our new social media presence on Twitter, and discuss Demo Site updates. As always, feel free to pass this along to others who might be interested in NetEqualizer News.

A message from Art…
Art Reisman, CTO – APconnections

It is hard to believe it, but summer is almost over – at least for all the students going back to school or college in late August here in the U.S.! artIn honor of back-to-school, this month we share some of our latest testimonials from schools – see what they are saying about the NetEqualizer! We also highlight a real-life experience of how we helped one of our school customers catch a DDoS botnet. And, if you want to school yourself in something new, you can view our latest 8.3 reports, now available on our Demo Site.

And although it is still warm, we are starting to plan for winter – read about our Winter Release plans below, and let us know what you think!

twitterWe are excited to announce that NetEqualizer is now on Twitter! You can now follow us @NetEqualizer.

We love it when we hear back from you – so if you have a story you would like to share with us of how we have helped you, let us know. Email me directly at art@apconnections.net. I would love to hear from you!

NetEqualizer is now on Twitter!

We are excited to announce that NetEqualizer has joined Twitter!twitter

If you would like to follow us, our handle is @NetEqualizer.

Just like our popular NetEqualizer News blog, @NetEqualizer will be geared toward topics around network optimization and Internet security.

We will tweet out insights on subjects from the latest in network security, traffic shaping, QoS, and net neutrality, as well as commentary on the state of Internet politics.

If this sounds interesting to you, follow us and share our account with others!


Let’s Go Back to School!
What K-12 schools are saying about NetEqualizer

Did you know NetEqualizer is a K-12 School Top 100 Product? K-12 school IT administrators love NetEqualizer! So much so that many have agreed to provide testimonials for us to post on our website.

Here are some of the recent ones we added:

The Lawrenceville School

lawrenceville

“We’ve been a NetEqualizer customer for several years and I want you to know how pleased we are with it. Unlike our previous bandwidth management product which required constant tending and updates, the NetEqualizer works exactly as advertised: plug it in and forget it. Our Internet connections run smoothly regardless of the kind or amount of traffic thrown at it. Thanks again!”

Mark Costello – Network Engineer

Miss Hall’s School

misshalls

“We have been extremely happy with our NetEqualizer. Gone are the bottlenecks that used to occur when all of our students were on the Internet at the same time. The NetEqualizer handles all of the bandwidth management, keeping our users happy, and has been completely hassle-free for our admins.”

Matt Pocock – Director of Technology

The Athenian School

athenian

“NetEqualizer is one of very few products that lives up to its promise. After initial configuration it simply does manage traffic in defined pools/objects. There is no complex application based rules or management required. It is a fantastic product that makes the life of a school network manager easier.”

Matt Binder – Director of Information Systems

Contact us if you would like your quote added to our testimonials page – even if you are not in the education space! We love hearing from all our customers about how we’ve helped them control congestion on their networks.

contact_us_box-1


NetEqualizer Demo Site Has 8.3 Reporting
Updated with 8.3 Reporting

The NetEqualizer Demo Site now has the latest release (8.3) applied! This means that all of the exciting new features we’ve been discussing in our newsletter over the last few months are available to see for both new and existing customers.pdg

If you’d like to check out the new 8.3 features for yourself, you can do so here.

We’ve also updated our Product Demo Guide to reflect some of the changes we’ve made to the site.

If you have any questions about the latest release or would like to schedule a Technical Refresh to go over the new features, please feel free to contact us!

contact_us_box-1


DDoS Gets Real

Think DDoS attacks only happen to other organizations? Sadly, no one is immune. The NetEqualizer is often placed in a unique position in a network such that it can provide real-time intelligence as to whether or not a DDoS attack is occurring. See recent articles regarding DDoS in our blog.

We’ve already heard stories from customers about how they’ve used the NetEqualizer to thwart DDoS attacks but we’ve never actually witnessed one in person – until last week. During a Tech Refresh call with one of our K-12 customers, the training engineer noticed abnormal traffic initiated from the outside to one of the school’s database servers. The IP looked suspicious and when geolocated, turned out to be from Hong Kong. The engineer then looked up the IP address in the active connections table and discovered it was hammering port 22 (SSH). This could have been a multitude of things including the beginning of a DDoS attack or a brute force attempt at connecting to the server. The school administrator immediately took action and blocked the IP.

PastedGraphic-1

While the NetEqualizer is excellent and controlling bandwidth congestion, don’t forget that its data can also be helpful in diagnosing other network-related issues, including DDoS!

See our recent blog article about discovering this attack, here.

contact_us_box-1


8.4 Winter Release Plans

We are excited to announce that our Winter Release (8.4) is underway! 8.4 is targeted for the November through January 2016 timeframe

This release will focus on several key areas in the NetEqualizer GUI: Pool Enhancements, DDoS Alerts, and Built-in Configuration & Scripts, which we will discuss below.

Pool Enhancements
Many of you are familiar with our concept of shared limits, which we call “Pools.” Pools are a great way to allocate bandwidth (not reserved) to a group of IPs or subnets. Pools are used by many NetEqualizer customers who need to provide bandwidth to groups of users on their networks.

We find that Pools align with various concepts for different customer types:

1) Access Points (Internet Providers)
2) Buildings (Colleges or Schools)
3) Groups (Libraries – patrons/staff, Schools – staff/students/wireless guests)

As Pools have grown in popularity over the years, we now are focusing on making them easy to use. To do this we are going to add the ability to name your pools (so that you can better keep track of them), view subnets within your pools (so that you can better see which pool a user belongs to), and the ability to edit pools on the fly (so that you no longer have to remove and re-add them when you need to make a change).

DDoS Alerts
Adding to our existing email alert capability, we are now going to build in alerts for suspected DDoS traffic picked up by our DDoS Monitor. While checking the DDoS periodically will still be important, the alerts will give you piece of mind that your network is always being monitored for abnormal traffic.

ddos

For an example of why this is important, see the article titled “DDoS Gets Real” in this month’s newsletter.

Built-in Configuration & Scripts
Another feature of 8.4 will be the incorporation of some of our most popular custom configuration scripts that historically have only been available via our online help or our support team.

We will now have interfaces for setting up HTTPS on your NetEqualizer as well as the ability to have time-of-day configurations (configurations that change based on different needs throughout the day).

The goal with these features is to reduce work for customers, streamline workflow, and enhance our user interface with some of our most popular scripts that are not yet represented via the GUI.

If you have an idea for a GUI enhancement aligned with Pools, DDoS or Built-in Configuration & Scripts that you would like to be considered for 8.4, please let us know!

contact_us_box-1

These features are free to all customers with valid NetEqualizer Software and Support. If you are not current with NSS, contact us today!


Best Of The Blog

How Does Your ISP Actually Enforce Your Internet Speed?

By Art Reisman – CTO – APconnections

Every once in a while I’ll post something on Reddit just to see the response. A couple of weeks ago I posted a link to this article and it generated about 3,000 hits over the course of a day.

This was even after I got a nasty note from the moderator saying I posted it in the wrong place. It was kind of ironic that 3,000 people were interested, maybe they click on anything that blinks?

I don’t know. Many of these articles you see on our blog are the result of technical conversations with customers. I’ll spend a good deal of mental energy explaining a concept and when appropriate I’ll take my notes and turn into an information article. Hence this blog post was born, I never imagined it would have such broad appeal.

Have you ever wondered how your ISP manages to control the speed of your connection? If so, you might find the following article enlightening. Below, we’ll discuss the various trade-offs used to control and break out bandwidth rate limits and the associated side effects of using those techniques.

Dropping Packets (Cisco term “traffic policing”)

One of the simplest methods for a bandwidth controller to enforce a rate cap is by dropping packets. When using the packet-dropping method, the bandwidth controlling device will count the total number of bytes that cross a link during a second. If the target rate is exceeded during any single second, the bandwidth controller will drop packets for the remainder of that second. For example, if the bandwidth limit is 1 megabit, and the bandwidth controller counts 1 million bits gone by in 1/2 a second, it will then drop packets for the remainder of the second. The counter will then reset for the next second. From most evidence we have observed, rate caps enforced by many ISPs use the drop packet method, as it is the least expensive method supported on most basic routers…

Photo Of The Month
11826053_10103359251010943_8461014502151942597_n
North Arapaho Peak

North Arapaho Peak is the king of the Indian Peaks Wilderness Area in the Rocky Mountains just west of our home near Boulder, CO. Not only is it the tallest in the area (13,508 ft), it is also the most difficult non-technical climb.

The route involves an easy hike up to the summit of South Arapaho Peak – and the cruxes of the climb are five unique points along the ridge that connects the two mountains. The 0.75 mile ridge takes nearly an hour to complete in one direction and has significant exposure to falling below. This picture is from the ridge, looking down on Arapaho Glacier – a protected area that serves as the watershed for the City of Boulder.

DDoS Attacker Caught in the Act


Before the telescope, planets and stars were just dots of light to the human eye. Before the invention of X-rays, and the MRI, doctors often could not determine the cause of a problem until a person was in an autopsy room.

Today, there is no reason to remain blind to DDoS and hacking intrusions.

This morning I got a text message from our training engineer at a customer site. “Just stopped a Chinese DDoS attack at the #### school.”

Our training engineer was not even doing a security audit. He was simply walking through the features of our product. He had scrolled over to our DDoS monitoring tool, and right away this attack popped out. It was as clear as a large cancerous tumor in an MRI. He noticed an outside entity was bombarding the customer link with all kinds of queries.

The attacker stood out because our DDoS tool identifies uninvited queries, as well as gives you a count of how often they are hitting your enterprise. Our engineer then checked the source of the incoming IP, and thus removed any lingering doubt that this was a hostile attack. The requests were originating from China, which was not an expected source of traffic on this school’s network.

This wasn’t yet a full-scale DDoS attack, but the warning signs were clear. The attacker happened to be hitting port 22, probing for login vulnerability on all the servers inside the school. From the frequency of the incoming requests, it was obviously a bot. Combining the frequency of hits with the fact that it was an uninvited outside IP address, it stood out like a sore thumb in our DDoS monitor (easily flagged). Once identified, the IT administrator at the school was then able to block the IP, averting any further shenanigans from this hacker.

In everyday life, we’re able to identify warning signs and act accordingly for our own protection. For example, if a person showed up at your front door wearing a ski mask with an AK-47, you would likely not let them in, right? The threat would be obvious. The point is it should not be expensive or impractical for the average layman to also easily spot a security risk on a network. You just need a tool that exposes them.

You Also Might Like

Firewall Recipe for DDoS Attack Prevention and Mitigation

Dear Comcast, Please Stop Slowing my iOS Update


Last week I was forced to re-load my iPad from scratch. So I fired it up and went through the routine that wipes it clean and re-loads the entire OS from the Apple cloud.  As I watched the progress moniker it slowly climbed from 1 hour, then 2 hours, then all the way up to 23 hours –  and then it just stayed there. Now I know the iOS, or whatever they call it on the iPad, is big, but 23 hours big?  I double-checked the download throughput on my NetEqualizer status screen, and sure enough, it was only running at about 60 to 100kbs, no where near my advertised Business Class 20 megabits. So I did a little experiment. I turned on my VPN tunnel, unplugged my iPad for a minute, and then took some steps to hide my DNS (so Comcast had no way to see my DNS requests).  I then restarted my update and sure enough it sped up to about 10 megabits.

To make sure I was not imagining anything I repeated the test.

Without VPN  (slow)

With VPN (fast)

So what is going here, does the VPN make things go faster?   No not really, but it does prevent Comcast from recognizing my iOS update from Apple and singling it out for slower bandwidth.

Why does Comcast (allegedly) shape my download from Apple?

The long story behind this basically boils down to this: it is likely that Comcast really does not have a big enough switch going out to the Internet to support the deluge of bandwidth needed when a group of subscribers all try to update their devices at once.  Especially during peak hours!  Therefor, in order to keep basic services from becoming slow, they single out a few big hitters such as iOS updates.

NetEqualizer News: July 2015


July 2015

Greetings!

Enjoy another issue of NetEqualizer News! This month, we highlight exciting 8.3 Release features, talk about our experience at edAccess’s Vendor Day, encourage you to sign up for a Tech Refresh, spotlight our Hotel & Resorts offering, and update you on the NetEqualizer DDoS monitoring and prevention tool. As always, feel free to pass this along to others who might be interested in NetEqualizer News.

A message from Art…
Art Reisman, CTO – APconnections

Now that summer arthas officially arrived, we are ready for the heat in Colorado. It has been unusually rainy and cloudy here in July so far, and I would like more sunshine please!

Speaking of heat, this month we turn the heat up on several of our new features in 8.3, which are spotlighted below. 8.3 has been G/A since early June, in case you missed it. We also want you to take a Summer Course, no tests involved, and update you on Art’s latest visit back to school, namely the edAccess Conference. And finally, if you need relief from the heat of potential DDoS attacks, you have come to the right place. Our DDoS Monitor and Firewall can help! Read more below.

We love it when we hear back from you – so if you have a story you would like to share with us of how we have helped you, let us know. Email me directly at art@apconnections.net. I would love to hear from you!

Spotlight: 8.3 Release Hot New Features

8.3 has been G/A since early June, and we have been receiving a lot of positive feedback on the new RTR reports. If you have not yet requested 8.3, what are you waiting for? Click here to request an upgrade to 8.3 from our support team.

This month, we are highlighting two features available in 8.3 – Historical and Active Penalty Tracking. We also talk our activated Management Port, a feature available on all new NetEqualizers!

One of the best features in the 8.3 release is increased visibility into how your NetEqualizer is penalizing traffic. We’ve added interfaces to the 8.3 release that allow you to see both the number of penalties enforced on your network historically, as well as all of the current connections that are being penalized.

Historical Penalty Tracking

The General Penalty Reports page under the Traffic History menu shows the number of penalties enforced on your network at a given point in time. This allows you to see when connections on your network were being Equalized.

penalties

Active Penalty Tracking

The View Active Penalties page under the Active Connections menu shows which connections are currently being Equalized along with their current state (New, Increased, or Decreased). This allows you to diagnose any performance issues and also gives you a real time look at how the penalties are being enforced and who they are being enforced on.

activepenalties

Management Port Enabled by Default on all NEW NetEqualizers

We strive to make setting up the NetEqualizer as simple as possible. In this spirit, last year we moved all new NetEqualizers to a four port model, and started using colored port plugs to help our customers identify the ports. Two ports (eth0 and eth1) are used for network traffic, a 3rd port (eth2) is used as a management port, and the 4th port is a spare. We use four colors: 1) blue (WAN), 2) orange (LAN), 3) clear (Management Port) and 4) black (unused).

Prior to 8.3, only a subset of our customers used the Management Port, typically those on VLANs. As of 8.3, we standardized everything so that our NetEqualizer code automatically enables the Management Port, and ALL customers will use this to configure new NetEqualizers. While not a huge change, we think this will make setup just a little bit easier for everyone.

Please note that this feature is only available on new NetEqualizers.

You can read more about all of the features of the 8.3 Release here in the 8.3 Software Update. If you would like to upgrade to 8.3, just click on the button below to send a request to Support.

contact_us_box-1

These features are free to all customers with valid NetEqualizer Software and Support. If you are not current with NSS, contact us today!


We Had a Blast at edAccess!

Art recently joined the edAccess Conference in Mercersberg, PA on June 24th for Vendor Day. It was a great event and was well-attended by small schools and colleges (members come from schools with an FTE of under 1,000 students).edaccess

Art got to visit with quite a few current NetEqualizer customers, as you can see in the picture below:

SubstandardFullSizeRender

Art is on the left of the picture and is shown along with representatives from Williston Northampton School, Choate Rosemary Hall, Blair Academy, Mt. St. Mary Academy, Merceyhurst University, Peddie School, and Groton School.

Art would like to personally thank everyone for a great event…

I’d like to thank John Johnson from Williston Northampton School, Rainelle Dixon from Mercersberg Academy and the entire edAccess steering committee for being such wonderful hosts to the vendors. Mercersburg is such a lovely campus and my drive through central Pennsylvania was also relaxing and fun, I took some time on my return stopping at the various waysides, and even took in a game, featuring the Single A Crosscutters of Williamsport.

Thanks Again!

To learn more about NetEqualizer and how we help educational institutions of all sizes, click below.

contact_us_box-1


Take a Summer Course! Sign Up for a Tech Refresh

Remember those days? If you ever took a summer course, you know that the key was to keep it short, so that you could get back outside. Our NetEqualizer Technical Refresh is short! – only a 30 minute discussion with you and your fellow team members to help get caught up on new NetEqualizer functionality or answer any other questions you have.

The Tech Refresh is great for both new and longtime customers because we are constantly enhancing our product to give you the most value in managing and shaping bandwidth.

To schedule your Tech Refresh, contact us today!

contact_us_box-1

Tech Refreshes are free to all customers with valid NetEqualizer Software and Support. If you are not current with NSS, contact us today!


Spotlight: GX2 – NetEqualizer Hotel & Resort Industry Wi-Fi Partner

NetEqualizer’s Wi-Fi management partner for the hotel and resort industry, GX2 (formerly Global Gossip), recently attended the HITEC 2015 Conference in Austin, Texas, and brought along the NetEqualizer. According to their website, HITEC is the world’s largest hospitality conference.hmsio

Visitors to GX2’s booth and luncheon were able to review the NetEqualizer offering, and also walk away with some trade show bling (a foam NetEqualizer soccer ball!).

Here is a screenshot of the GX2 application used in the managed Wi-Fi service offering:

gx2_screen

As we have reported here in the past, GX2 utilizes the NetEqualizer as part of their Wi-Fi offering supporting our National Parks. So, if you have a summer vacation planned at Yellowstone, Mammoth, Mount Rushmore, Zion, Crater Lake, or the Grand Canyon, to name a few, chances are you are experiencing the benefits of NetEqualizer’s traffic shaping.

If you are already on our technology, you have part of the solution already in place. If you have ever wanted to learn more about a managed service Wi-Fi solution for the Hotel & Resort industry, you can read about our joint offering (HMSIO).

contact_us_box-1


NetEqualizer DDoS Tool Gaining Momentum

We keep getting reports of ongoing Distributed Denial of Service (DDoS) attacks from our customers, and are glad to hear the NetEqualizer is helping in many cases. If you are interested in chatting about using the NetEqualizer as a DDoS prevention tool please contact us to set up a time to chat.

Note: We do have a consulting charge for custom activation of firewall rules, but the initial consult is free.

The 8.3 Release includes our DDoS Monitor at no extra charge! In addition, our new DDoS Firewall tool (DFW) can be purchased as an add-on module for an additional fee.

ddos

The new DDoS Monitor shows you some basic metrics on the outside intrusion hit rate into your network. It can be used to spot anomalies which would indicate a likely DDoS attack in progress. The DDoS Firewall tools helps to actually thwart the attack.

contact_us_box-1


Best Of The Blog

Is Your Bandwidth Controller Obsolete Technology?

By Art Reisman – CTO – APconnections

Although not free yet, bandwidth contracts have been dropping in cost faster than a bad stock during a recession. With cheaper bandwidth costs, the question often arises on whether or not an enterprise can do without their trusty bandwidth controller.

Below, we have compiled a list of factors that will determine whether or not Bandwidth Controllers stick around for a while, or go the route of the analog modem, a relic of when people received their Internet from AOL and dial up…

Photo Of The Month
IMG_2407
Cinque Terre, Italy
This picture was taken by one of our staff while walking the trail that connects the five towns of the Cinque Terre on the coast of Italy. These towns are built into the sides of the tall hills that meet the sea. The trek between each town is a manageable 2 miles and provides picturesque views of the water and surrounding forests.

How to get Access to Blocked Internet Sites and Blocked Video Services


Have you ever taken a flight where video access is blocked?

Perhaps you are in a European Country where a well known provider blocks Skype to force you to use their phone service?

All you need to get around these suspect practices is to use a standard VPN, and it is easier than you think. I am on a flight right now and am going to try watching a movie. I am using IPvanish, but there are many VPN services you can choose from, and use for just a few dollars a month.

Just today, I was trying to restore my iPad to factory defaults. I supposedly have 20 megabit business service from Comcast.  While running the restore, I noticed that my download speed was running at about 200kbs max, and yet speedtests were showing no problems with my connection. So I rebooted my computer, started up my VPN, and found out that I am not getting my full 10 megabits.  What can I infer from this ? Well, I can only assume that Comcast has some sort of bandwidth control and is identifying my Apple device download and slowing it down. I was able to repeat this test.

By the way, I did get to watch a movie on my flight – success!  And that was a much needed break from work.

Note: There is one more trick required to un-block for some VPN services and some  streaming sites.  You may need to hide your DNS activities as well, since some blocking services will also block the DNS request before you even get to the site.

For example, the VPN tunnel will hide what you are doing from anybody, but the initial lookup service to get the site may not be hidden, because you are likely using by default your provider(s) DNS service. So, you should also set your DNS service to a third party site other than your provider after you fire up your VPN. In this way DNS requests should also be encrypted.

Behind The Scenes , How Many Users Can an Access Point Handle ?


Assume you are teaching a class with thirty students, and every one of them needs help with their homework, what would you do? You’d probably schedule a time slot for each student to come in and talk to you one on one (assuming they all had different problems and there was no overlap in your tutoring).

Fast forward to your wireless access point.  You have perhaps heard all the rhetoric about 3.5 gigaherts, or 5.3 megahertz ?

Unfortunately, the word frequency is tossed around in tech buzzword circles the same way car companies and their marketing arms talk about engine sizes. I have no idea what 2.5 Liter Engine is,  it might sound cool and it might be better than a 2 liter engine, but in reality I don’t know how to compare the two numbers. So to answer our original question, we first need a little background on frequencies to get beyond the marketing speak.

A good example of a frequency, that is also easy to visualize, are ripples on pond. When you drop a rock in the water, ripples propagate out in all directions. Now imagine if  you stood in the water, thigh deep across the pond,  and the ripples hit your leg once each second.  The frequency of the ripples in the water would be 1 hertz, or one peak per second. With access points, there are similar ripples that we call radio waves. Although you can’t see them, like the ripples on the water, they are essentially the same thing. Little peaks and values of electromagnetic waves going up and down and hitting the antenna of the wireless device in your computer or Iphone. So when a marketing person tells you their AP is 2.4 Gigahertz, that means those little ripples coming out of  it are hitting your head, and everything else around them, 2.4 billion times each second. That is quite a few ripples per second.

Now in order to transmit a bit of data, the AP actually stops and starts transmitting ripples. One moment it is sending out 2.4 billion ripples pdf second the next moment it is not.  Now this is where it gets a bit weird, at least for me. The 2.4 billion ripples a second really have no meaning as far as data transmission by themselves; what the AP does is set up a schedule of time slots, let’s say 10 million time slots a second, where it is either transmitting ripples, or it turns the ripple generator off. Everybody that is in communication with the AP is aware of the schedule and all the 10 million time slots.  Think of these time slots as dates on your Calendar, and if you have a sunny day, call that a one, while if you have a cloudy day call that a 0.  Cloudy days are a binary 1 and clear day a binary 0. After we string together 8 days we have a sequence of 1’s and 0’s and a full byte. Now 8 days is a long time to transmit a byte, that is why the AP does not use 24 hours for a time slot, but it could , if we were some laid back hippie society where time did not matter.

So let’s go back over what we have learned and plug in some realistic parameters.
Let’s start with a frequency of 2.4 gigahertz. The fastest an AP can realistically turn this ripple generator off and on is about 1/4 the frequency or about 600 time slots/bits per second. This assumes a perfect world and all the bits get out without any interference from other things generating ripples (like your microwave) or something. So in reality the effective rate might be more on the order of 100 million bits a second.
Now let’s say there are 20 users in the room, sharing the available bits equally. They would all be able to run 5 megabits each. But again, there is over head switching between these users (sometimes they talk at the same time and have to constantly back off and re-synch)  Realistically with 20 users all competing for talk time,  1 to 2 megabits per user is more likely.

Other factors that can affect the number of users.
As you can imagine the radio AP manufacturers do all sorts of things to get better numbers. The latest AP’s have multiple antennas and run in two frequencies (two ripple generators) for more bits.

There are also often interference problems with multiple AP’s in the area , all making ripples . The transmission of  ripples for one AP do not stop at a fixed boundary, and this complexity will cause the data rates to slow down while the AP’s sort themselves out.

For related readings on Users and Access Points:

How Many Users Can a Wireless Access Point Handle?

How to Build Your Own Linux Access Points

How to use Access Points to set up and In-Home Music System

Follow

Get every new post delivered to your Inbox.

Join 57 other followers

%d bloggers like this: